On June 14, 2023, the Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), Multi-State Information Sharing and Analysis Center (MS-ISAC), and international partners issued a Cybersecurity Advisory, providing details on the latest developments in LockBit ransomware incidents. It offers valuable insights and practical recommendations for organizations to bolster their network defenses and prevent future occurrences.

LockBit ransomware has emerged as the most prevalent variant worldwide in 2022 and continues to pose a significant threat in 2023. Since January 2020, LockBit affiliates have targeted organizations of diverse sizes operating within critical infrastructure sectors, including finance, agriculture, education, energy, government, healthcare, manufacturing, and transportation. This ransomware operates on a Ransomware-as-a-Service (RaaS) model, wherein affiliates are recruited to execute attacks using LockBit tools and infrastructure. The decentralized nature of the operation results in a wide range of tactics, techniques, and procedures employed by different affiliates, presenting a significant challenge for organizations striving to fortify their network security and defend against ransomware threats.

To access the advisory, please click here.